Auditing Project Token Activity

Release notes

Problem to solve

While audit events are generated when project access token was successfully created or revoked (Introduced in GitLab 13.9), there are no audit events when the project token is actually used. This will be a critical issue when a cybersecurity event occurs as there is no audit trail to quickly identify who / how the token has been used. Especially, when the project token feature is enabled by default.

Proposal